On January 18, during a luncheon fireside chat at the California Lawyers Association’s UCL Institute event in Los Angeles, Federal Trade Commission (“FTC”) Bureau of Consumer Protection Director Samuel Levine shared his insights on what data practices are of concern to him and to the FTC. Companies should take heed of his comments, the highlights
On 16 January 2024, Singapore published a consultation paper[1] to elicit feedback from the public, and internationally, on a proposed Model AI Governance Framework for Generative AI.
The paper addresses nine “dimensions” pertaining to generative AI, namely:
This involves laying down responsibilities, including to end users, from across all stacks within the AI
The Spanish antitrust regulator, the Comisión Nacional de los Mercados y de la Competencia (CNMC), has joined the proposed “State Pact” for protecting Spanish children from harmful content online and in social media. The CNMC joins the Spanish Data Protection Authority and Attorney General’s Office, as well as civil society and UN bodies, in supporting the proposal to develop long-term approaches to online safety. Continue Reading The Spanish Antitrust Authority (CNMC) Follows the Spanish Data Protection Authority (AEPD) and Joins Forces with Other National and International Institutions to Protect Minors on the Internet and in Social Networks
Transparency, from the medieval Latin “transparentia”, is thought to have emerged in the late 16th century as a general term for a transparent object. In essence, it means the property of allowing light to pass through so that objects behind it can be clearly seen. But in the 21st century, transparency has a different and broader meaning.
The Spanish Data Protection Agency (Agencia Española Protección de Datos, or AEPD) published an article in September 2023 on transparency in the context of the proposed Artificial Intelligence Act (AI Act) and the General Data Protection Regulation (GDPR), clarifying that different actors, different information and different recipients are involved, depending on the regulation.Continue Reading AEPD’s Position Regarding Transparency (AIA vs. GDPR)
On January 15, 2024, the European Commission (EC) published its report on 11 adequacy decisions made under the Data Protection Directive. This is the first review of its kind in GDPR times for adequacy decisions that were living their own existence, with not many troubles (leaving the US one aside). A periodic checkup is foreseen in the most recent adequacy decisions (and Japan last review was published in April 2023), but not much was done for the other ones; this is now remedied.Continue Reading Adequate One Day Keeps Personal Data Transfer Problems (Forever) Away? Let’s See What the EU Doctor Just Said
The UK Data Protection and Digital Information Bill (the Bill) received its second reading in the House of Lords on 19 December 2023. Although the Bill cleared that crucial milestone, the debate focused on the government’s last-minute introduction of sweeping powers enabling the Secretary of State to require banks and other financial service providers to monitor and to provide information from accounts into which benefits are paid. Although ostensibly intended to identify fraud, the Lords echoed the view expressed by campaigning group, Big Brother Watch, that it would be:
“wholly inappropriate for the UK Government to order private banks, building societies and other financial services to conduct mass, algorithmic, suspicionless surveillance and reporting of their account holders on behalf of the state”.Continue Reading Government access to personal data in bank accounts: a compliance challenge for banks, and a threat to EU adequacy?
On January 16, Governor Murphy signed S332 (Sixth Reprint) into law, making New Jersey the 13th or 14th state (depending on if you count Florida) with a consumer privacy law on the books. We previously covered the now enacted law here. S332 applies to controllers and processors who conduct business in
This year, Congress is steadily progressing towards enacting meaningful legislation on artificial intelligence (AI) for the first time. At the end of 2023, Senate Majority Leader Chuck Schumer (D-NY) and his “Gang of Four” (Senators Todd Young (R-IN), Martin Heinrich (D-NM), and Mike Rounds (R-SD)) concluded their AI Insight Forums, a series of sessions where
Most U.S. public companies are gearing up to prepare and file their annual reports (Forms 10-K) between February 29th and April 1st. This year’s preparations will be busier because the Regulations on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure (Cyber Risk Regulations) issued by the Securities and Exchange Commission’s (SEC) are now in force. Continue Reading FBI and DOJ Issue Guidance on SEC Incident Reporting Delay Requests
2023 was an eventful year for privacy legislation, regulation and regulatory enforcement. The compliance landscape continues to develop and evolve rapidly, making it difficult for covered businesses to keep up with the myriad requirements. In this post, we discuss some of the year’s most interesting privacy compliance developments globally.Continue Reading 2023 Privacy Compliance Year in Review